I am planning to eventually build my own home server, and when I do I will hook it up via ethernet. But I do want to switch away from the generic FIOS router and use my own for more control over my data and security. Any recommendations?

@Takumidesh@lemmy.world

Not sure about your budget, but I switched to a UDM SE and it’s pretty awesome. For me the benefit comes in with cameras and access control. The UI and off-the-shelf tooling is very nice with it.

OPNsense is another, more DIY option.

I used an edge router 4 before the udm for a few years and it was pretty ok.

ASUS RT-AX86U + asuswrt-merlin is what I’ve used. Completely stable since day 1 unlike my old netgear router.

You already have some good suggestions, so I just want to mention OpenWRT, which can be flashed on an off-the-shelf router combo (just check their supported devices first, if you go this route).

@dan@upvote.au

My TP-Link ER8411 can’t be flashed with OpenWRT even though their software is based on a very old version of it. :(

I have 10Gbps internet and can’t find any 10Gbps routers that support custom firmware. Building a pfSense system that supports 10Gbps would be much more expensive and use more power than a router that has a purpose-built SoC.

@LufyCZ@lemmy.world

Have you thought about getting something like this?

https://youtu.be/a3EMMYTdOYo

@dan@upvote.au

I don’t have space for full-depth rackmount hardware - I just have a small shallow networking rack.

From the video, it sounds like this device can’t actually achieve 10Gbps in real life. At 46:44 in the video, he says that he got 6.5Gbps with the firewall enabled and one firewall rule, and at 47:15 he said that NAT download speed (i.e. what you’d experience with an actual internet connection) was only 4.2Gbps.

I get full speed through my ER8411, and it was cheaper than this device too ($350). I’m annoyed by a lack of IPv6 features, but it does achieve full 10Gbps speeds at least.

@LufyCZ@lemmy.world

Ah, that’s kinda terrible, too bad

@PipedLinkBot@feddit.rocks
bot account

Here is an alternative Piped link(s): https://piped.video/a3EMMYTdOYo

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I’m open-source, check me out at GitHub.

@vividspecter@lemm.ee

It also works on x86 and has better bufferbloat mitigation than the BSD based router systems (*sense), which means lower latency/pings under heavy WAN (internet) load.

@Zozano@aussie.zone

Love OpenWRT!

As a networking noob I spent more than a week configuring it to get it right, including needing to SSH into it because I flashed the wrong firmware (do not get NA and EU confused, the difference is enough to flat line your modem).

But in the end, I eliminated my bufferbloat with SQM; a feature the stock device lacked. I also set up a USB to act as expanded storage to install more software.

grimer

I’ve had amazing luck with the Synology routers. You can start with one then if you want/need you add more to create a mesh network. I find the interface easy as well. My 2 cents of course…

Wintermute

Another vote for Synology here. I have 2 RT2600 and 1 RT1600 between myself and my parents houses. They have been completely bullet proof and the oldest one is going on 7 years old now.

Mikrotik RB5009 is my router.

Moving to OPNsense

@Pulsar@lemmy.world

Any specific reason to move from a Mikrotik to OPNsense?

@randombullet@feddit.de

I just want to hate my life again when setting it up. But I’d also like to reconsolidate my VMs. Currently running a server and the router. My server hosts a few networking services.

I’d rather be able to turn off the big server when I’m out for work to save power.

So if I can run a lower powered router with the ability to run containers and VMs for network essential tasks, and then turn off my power hungry server for trips that can span a few weeks.

@Moonrise2473@feddit.it

I like the fritzbox ones but I think in USA the best is the base Unifi one (dream router)

Or a cheap decommissioned thinkcentre tiny m700 with opnsense

density

If you run a router on a computer like you suggest, can you also do other stuff with the computer like file serving? Or is it a single function device for reasons of security or system resources?

@Moonrise2473@feddit.it

Theoretically you can install it as a VM on a computer that does a lot of other stuff, but the more stuff it does, the more chances you need to take it down to reconfigure, reinstall, install updates and so on. When that computer is down, you’re offline.

If you want the full control use https://opnsense.org/ on a mini pc or in a VM on your home server.

Please don’t host a router on a Hypervisor VM. That does not benefit security. First of all, a router is an integral part of the (home) network, therefore it should not be dependent on anything, like a hypervisor. You want to be able to replace or update your server/hypervisor independently from each other; for example, in 5 hrs your router might be still rocking all data, but you would want to upgrade your home server/hypervisor. Furthermore, all that OpenWRT, pfSense, OPNsense kernel/OS hardening is more effective on the hardware itself, especially all RAM/memory based security measures. Also, if you truly want to be more secure, you use dedicated hardware for multiple reasons: performance is dedicated to only routing/firewall processing (no other service/VM can block or slow down packet processing), reducing the attack surface (less software, less attack surface), easier to update.

BetterNotBigger

Can this work with the “off the shelf” mesh routers.

This seems like it’s geared toward higher power hardware that’s not generally available on a consumer-grade router.

stown

You could buy a $300 consumer router and it would be worse than just using an old PC with OPNsense.

Except that the old PC is probably less efficient at a lower clock than an AR based consumer router. You’ll get more performance and features, but it will be more expensive to run.

stown

I guess if you live in a place where electricity is super expensive this will matter. A good majority of self-hosted people don’t seem to care much as they have server racks full of old hardware.

@peregus@lemmy.world

The Fujitsu Futro S720 consumes about 6 Watts and it’s great for OPNsense!

@Lrobie@lemmy.world

No, off the shelf routers are usually ARM and opnsense is x86 only.

…or MIPS…

JackbyDev

Can you give us some details about your house?

My house was built in the golden age of having voip landlines that needed CAT 5e cable but before cell phones were the norm so I have a wired backhaul mesh.

Edit: it occurs to me you probably mean like a router-router being that this is self hosted lol. So disregard haha

gabe [he/him]
creator

I live in a town house with relatively good Wifi signal coverage with no extenders needed. I am planning on eventually paying a professional to get wall Ethernet ports installed so I can hook up my most network dependent devices (gaming desktop, gaming devices) and use the router with the rest that wouldn’t make sense to hook into Ethernet.

sj_zero

Pfsense or opnsense are really powerful options.

You’ll need a wireless access point as well, but those two are quite powerful and can run on quite powerful hardware.

I just got a MikroTik RB5009UPr+S+in and I’m loving it so far. I’m going to pair it with their AX ceiling wireless AP if I can ever catch it on sale again.

@Pulsar@lemmy.world

I think this is the best homelab router out there. If you are new to Mikrotik there is definitely a steep learning curve.

OpenWrt is fairly good too, but I think documentation can be lacking and confusing for some edge applications. My other concern with OpenWrt is performance: since it is compatible with a wide variety of hardware, it is difficult to know how it will perform without testing it.

Yeah, it definitely took me a minute to get things set up properly, and I had to get a new VPN service, but it’s been great so far.

I want that router, but I don’t have a good reason to give my wife why our RB4011 needs to be upgraded…lol

Perrin42

The Firewalla is pricey but amazing. I am running the Gold at home, and it runs Linux and supports Dockers so I’m running PiHole on the router.

I bought a mini pc with four Ethernet ports and turned that into a router

@JJGadget@lemmy.world

This right here. get something cheap, throw opnsense or pfsense on it and start learning. It will probably be incredibly frustrating at first but when it starts to click then it is really fun and rewarding.

I bought an old dell r210ii years ago and threw pfsense on it then swapped to opnsense and could not be happier. It is still in use today, a good 6 years later.

I did mine by just adding some iptables rules to set up NAT. It’s all of four commands:

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

iptables -t nat -s 192.168.0.0/16 -A POSTROUTING -o $wan0 -j MASQUERADE

iptables -A FORWARD -i $wan0 -o $lan0 -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -i $lan0 -o $wan0 -j ACCEPT

Just set $lan0 and $wan0 to your LAN and WAN interfaces. For wifi I’ve got a couple Unifi access points around the house for good coverage.

Yes, I know IPv6 is better and yadda yadda yadda but I can’t remember the addresses let alone type them so I’m not changing anything.
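The four-command NAT setup in the comment above, written out as a complete `iptables-restore` ruleset; this is an added example, not the commenter's own configuration. It goes beyond the posted rules by setting the FORWARD and INPUT policies to DROP explicitly (the posted commands depend on whatever default policy is already in place) and by filtering traffic addressed to the router itself; the interface names in the usage lines are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-interface NAT router.
# WAN/LAN interface names and the LAN prefix are arguments (assumptions of this
# example); the default prefix matches the one used in the comment above.

nat_ruleset() {
    wan=$1 lan=$2 lan_net=${3:-192.168.0.0/16}
    # Refuse missing or identical interfaces rather than emit a broken ruleset.
    if [ -z "$wan" ] || [ -z "$lan" ] || [ "$wan" = "$lan" ]; then
        echo "usage: nat_ruleset WAN_IF LAN_IF [LAN_NET]" >&2
        return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# Usage (as root), after reviewing the generated rules:
#   nat_ruleset eth0 eth1 | iptables-restore --test   # parse check, changes nothing
#   nat_ruleset eth0 eth1 | iptables-restore          # load the ruleset
#   sysctl -w net.ipv4.ip_forward=1                   # enable forwarding now
```

Loading the ruleset replaces the existing filter and nat tables, including any chains Docker has created, so on a host that also runs containers the Docker daemon has to be restarted afterwards.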

@d13@programming.dev

I did this as well, but I’m wondering if it was the wrong call. It’s harder to work with firewalls (particularly if docker is involved), and I’ve struggled with stuff like SyncThing.

Most likely more learning could solve it, but I wonder if I should switch to a dedicated router OS where more support resources are available.

I’ve got almost all of my services running on a separate, bigger system and only have a couple ports open on this one. Iptables isn’t too hard once you understand the shorthand.

@d13@programming.dev

I think my problem is trying to run docker at the same time. Docker messes heavily with iptables and makes it a real pain.

The only docker containers I run on my router are a simple search proxy and an Infrared instance that routes Minecraft server connections to another box on my LAN. But IIRC that took a bunch of fiddling

Noob here. How fast can my LAN be with such a setup?

@JJGadget@lemmy.world

mine can push a gig around no problem.

@Jivebunny@lemmy.world

As fast as the slowest denominator in your LAN. So give the PC that you’re going to host this on a decent Ethernet card and you should be flying.

Got a suggested device?

@peregus@lemmy.world

Fujitsu Futro S720 with a 90° 4x PCI adapter and an Intel NIC. It consumes about 6W (maybe something more with the additional NIC). You can get the former for about 20/30€ on eBay and the rest for about 30/40€. If you have a VLAN enabled switch, you can even just use the onboard Ethernet port.

Thank you! Seems like it’s unavailable in Europe unless you pay a hefty premium.

There are many similar. The best is GoWin R86S

UniFi Dream Router is also a nice router for internet speeds up to 700 Mbps.

Ubiquiti is hot garbage on a good day.

@girsaysdoom@sh.itjust.works

Everyone has some great recommendations. I didn’t see anything about Ubiquiti so I’ll throw it out there since I’ve had a good experience with them. The Dream Machine is for home/small office setups and is fairly inexpensive for what it does: https://store.ui.com/us/en/collections/unifi-dream-router.

Edit: it’s now the dream router. They changed the name it seems.

@fraydabson@sopuli.xyz

I’ve considered upgrading to a dream machine. I’m still rocking an old USG

Bakkoda

I just retired an Edgerouter lite for a UDM Pro. Finally happy with it after moving on to the 3.x firmware.

@fraydabson@sopuli.xyz

Glad to hear it. I went from edge router to usg and haven’t seen anything since to move to. After all the problems I was hearing about UDM I didn’t end up trying it

@jemikwa@lemmy.blahaj.zone

My only complaint is that coming from a networking background, Ubiquiti’s OS is awful and makes me want to gouge my eyeballs out. Navigating the interface to find settings makes no sense, it’s not very granular in how you can configure certain filtering settings, dual WAN setups are difficult to manually change over, and good luck looking at logs to troubleshoot any traffic flow issues (hint: you can’t).

For someone who just needs a firewall and a VPN endpoint, it’s great. If you need anything more than that, get OPNsense/pfSense. Pairing one of those with Ubiquiti APs (which are actually pretty terrific) is a really solid setup.

Uninvited Guest

This is interesting, I hadn’t seen this from them before and I’m in the market for a new router! Does this play nicely with additional access points?

I have an older version but I think they all work pretty much the same. It should work fine for you depending on the brand/voltage of the APs you have currently.

Uninvited Guest

I have a couple Asus CT8s that are dying on me, so I’d like to see if I can turn them into APs. While I’d eventually like to get on to an OPNsense box I need a near term solution (as that will be a steep learning curve for me).

Is there a resource available that documents compatibility?

I’d say they should work fine if you can disable the routing and have them act just like WiFi access points. Then connect the LAN ports to the Ubiquiti and you should be good. That said, I’m not familiar with those devices so take this as you will.

The only compatibility issues I was thinking about was PoE-related mainly but those look like they need their own power supplies. Ubiquiti used to push a nonstandard PoE spec with some of their APs but I don’t think that’s the case anymore.

@Oderus@lemmy.world

They work with existing Ubiquiti AP’s no problem. I have the Dream Machine (I guess Dream router now) and it’s awesome. Wish I got the Dream Machine Pro which is switch-like and comes with no AP’s so you have to add them as needed and it supports cameras.

@glue_snorter@lemmy.sdfeu.org

They don’t supply PoE, mind.

I’m planning an ubiquiti deployment:

  • 5-6x AP 6 Pro (haven’t done survey yet)
  • 1x TL-SG1016PE PoE switch (yuck, but cheap)
  • 1x R86S running opnsense and docker VMs, with unifi controller and pihole in docker

The R86S is the same price as the dream machine, but good luck running pihole on the DM.

I considered Mikrotik, but my mum would have to call me every time there was an issue, and it would only be marginally cheaper. I expect any competent local tech to be able to support unifi and opnsense.

Kushan

I wish they had more 2.5G or even SFP+ options in this range. I’m lucky enough to have a >1 gigabit home connection, but router options are surprisingly limited if I want that full connection speed going to my server.

They do have the XG series. I actually have a SW-16-XG for the backplane on my server for my SAN. Local access 10G using SFP+ ports are definitely doable if you don’t need to cross any VLANs or do any routing.

I haven’t used one personally but the cheapest they have is the Flex-XG switch it seems, which seems pretty cheap for 10G.

Kushan

Yeah if it was just a switch I’d be fine, but for gateway/firewall options it’s a bit of a bugger unless I want a 1U device

Ohh, sorry I misread your comment. Yeah, 2.5G WAN is a little trickier unless you go with something enterprise grade it seems.

It all depends on the features you want in that router and how much you’re willing to spend. I bought a MikroTik hAP ax3, which has many enterprise features (that can come handy to us selfhosters as well) that I found myself not necessarily needing, but definitely enjoying.
